I am about to go from NAT to the WAF of our UTM (9.7) to distribute our Exchange (2013).
For that I went with the tutorials from frankysweb.de, which helped me a lot.
But I still have some questions about the filter rules in the firewall profiles which have to be skipped.
Since these rules are just some numbers, I would like to clarify what I skip when I choose to add these numbers to the skipping list, or what is mandatory to skip for an Exchange 2013 server to work properly.
I would suggest going through this recommended read post: Sophos UTM: Securing Web Application Firewall (WAF) and this KBA Sophos UTM: How to bypass individual WAF rules.
For your configuration, please read https://community.sophos.com/products/unified-threat-management/f/web-server-security/50352/waf-on-v9-3-for-exchange-2013-on-single-server-ip-fqdn-certificate and Sophos UTM: Web Application Firewall for Exchange 2016
In reply to Jaydeep:
Thank you for these links, but they aren't very helpful.
I've found some guides and how-tos which all show different filter rules to skip, but there is practically no info on what exactly will be skipped when implementing a specific rule.
What, for instance, does it mean to skip filter rule 960015? Or 981203?
In reply to Revan:
These filter rules are ModSecurity rules, and relevant details can be obtained from the recommended read I mentioned in my earlier post. If you want some of the most common modes, please take SSH access of the UTM as root and enter this command:
cat /etc/modsecurity/waf_reporting.ph
This will print out some 271 rules. Others can be searched on the OWASP website or their documents page.
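Added example, not part of the thread and not Sophos code: a small Python indexer that turns ModSecurity `SecRule` definitions into an ID-to-description map, so a skip list can be read as text instead of numbers. The two sample rules are constructed in the style of the OWASP Core Rule Set 2.x using the IDs asked about above; `index_rules` and `explain_skips` are hypothetical names, and the authoritative text is whatever the rule files on your own system contain.

```python
import re

# Constructed sample in ModSecurity SecRule syntax (not copied from a UTM).
SAMPLE_RULES = r'''
SecRule &REQUEST_HEADERS:Accept "@eq 0" \
    "chain,phase:2,t:none,pass,id:'960015',severity:'5',\
    msg:'Request Missing an Accept Header',\
    tag:'OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT'"
SecRule TX:INBOUND_ANOMALY_SCORE "@gt 0" \
    "chain,phase:5,t:none,log,pass,id:'981203',\
    msg:'Inbound Anomaly Score (Total Inbound Score: %{TX.INBOUND_ANOMALY_SCORE})'"
'''

def index_rules(conf_text):
    """Map each rule id to the target it inspects, its phase, msg and tags."""
    # A trailing backslash continues a directive on the next line.
    joined = re.sub(r'\\\r?\n\s*', '', conf_text)
    rules = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line.startswith('SecRule '):
            continue
        rid = re.search(r"\bid:'?(\d+)'?", line)
        if not rid:
            continue  # chained sub-rules carry no id of their own
        msg = re.search(r"\bmsg:'((?:[^'\\]|\\.)*)'", line)
        phase = re.search(r"\bphase:(\d)", line)
        rules[rid.group(1)] = {
            'target': line.split()[1],
            'phase': int(phase.group(1)) if phase else None,
            'msg': msg.group(1) if msg else '',
            'tags': re.findall(r"\btag:'([^']*)'", line),
        }
    return rules

def explain_skips(skip_ids, rules):
    """Describe what each skipped id disables; flag ids that were not indexed."""
    missing = 'not found in the indexed rule files'
    return [(rid, rules[rid]['msg'] if rid in rules else missing)
            for rid in skip_ids]

if __name__ == '__main__':
    indexed = index_rules(SAMPLE_RULES)
    for rid, meaning in explain_skips(['960015', '981203', '999999'], indexed):
        print(rid, '->', meaning)
```

Reviewing a skip list this way shows whether an entry turns off a single protocol check or the anomaly-score correlation rule, which are very different reductions in coverage.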